Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leading to a use after free in audio_format_compatible. This vulnerability is fixed in 3.22.0.
Published: 2026-02-09
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Heap use‑after‑free
Action: Patch
AI Analysis

Impact

FreeRDP contains a heap use‑after‑free in the audio_format_compatible function. It occurs when AUDIN format renegotiation frees the active format list while a capture thread still references audin->format. This misuse of memory can lead to corruption of heap data and may cause the application to crash.

Affected Systems

The flaw affects all FreeRDP installations built from source releases prior to version 3.22.0. Any client or server running an older build is potentially vulnerable.

Risk and Exploitability

The CVSS score of 7.7 indicates high severity. EPSS <1% suggests low probability of current exploitation, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, the trigger for the defect involves AUDIN format renegotiation, which normally occurs during a remote desktop session, implying that the likely attack vector is network-based interaction with the RDP service.

Generated by OpenCVE AI on April 18, 2026 at 18:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FreeRDP to version 3.22.0 or later, which contains a fix for the use‑after‑free.
  • If upgrading immediately is not possible, consider disabling audio redirection or the AUDIN format renegotiation feature in remote desktop sessions until the patch is applied. This is a temporary mitigation.
  • Regularly monitor the FreeRDP project and security advisories for additional updates or workarounds.

Generated by OpenCVE AI on April 18, 2026 at 18:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8042-1 FreeRDP vulnerabilities
History

Tue, 10 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Tue, 10 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Freerdp
Freerdp freerdp
Vendors & Products Freerdp
Freerdp freerdp

Tue, 10 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

threat_severity

Moderate

Mon, 09 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leading to a use after free in audio_format_compatible. This vulnerability is fixed in 3.22.0.
Title FreeRDP has a heap-use-after-free in audio_format_compatible
Weaknesses CWE-416
References
Metrics cvssV4_0

{'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Freerdp Freerdp
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-10T16:02:23.696Z

Reserved: 2026-01-23T20:40:23.388Z

Link: CVE-2026-24676

cve-icon Vulnrichment

Updated: 2026-02-10T15:40:10.578Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-09T19:15:48.890

Modified: 2026-02-10T15:04:59.453

Link: CVE-2026-24676

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-09T18:15:33Z

Links: CVE-2026-24676 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:30:07Z

Weaknesses